[wp-hackers] WordPress plugin inspections

Harry Metcalfe harry at dxw.com
Wed Feb 19 20:40:45 UTC 2014


Hi Josh,

Thanks for the heads-up. I've had a quick look at the github issue - 
I'll reply to that feedback there.

Regarding a private report - this isn't a vulnerability report. We do 
those too (see the Advisories section) and we have a disclosure policy 
for those which you can see here (https://security.dxw.com/disclosure/).

Inspections are a very light touch thing, and we don't think they go 
into enough detail to be able to make categorical claims about 
vulnerability. The idea behind an inspection is to give a general sense 
of the sorts of issues which might exist. I'm about to reply to Chris's 
post with more explanation on that point.

Harry


On 19/02/2014 19:45, Josh Pollock wrote:
> Harry-
>
> I am the community manager for Pods. We were made aware of your evaluation
> by a user who reported it in our GitHub issue tracker. Our lead
> developer, Scott K. Clark, has responded to your claims, which we do not
> consider to be fair, here:
>
> https://github.com/pods-framework/pods/issues/2043#issuecomment-35538379
>
> I would encourage you to contact the developers of plugins before releasing
> vulnerability reports. This sort of vague report doesn't help us improve
> our plugin, something we are constantly doing based on input from users. It
> only serves to potentially confuse users.
>
> Take care,
> Josh Pollock
>
>
> On Wed, Feb 19, 2014 at 1:43 PM, Harry Metcalfe <harry at dxw.com> wrote:
>
>> Hello list,
>>
>> We write and publish light-touch inspections of WordPress plugins that we
>> do for our clients. They are just a guide - we conduct some basic checks,
>> not a thorough review.
>>
>> Would plugins which fail this inspection be of general interest to the
>> list and therefore worth posting? Is the list also interested in
>> vulnerability advisories, or do people tend to get those elsewhere?
>>
>> Here's an example report:
>>
>> https://security.dxw.com/plugins/pods-custom-content-types-and-fields/
>>
>> Grateful for a steer...
>>
>> Harry
>>
>>
>> --
>> Harry Metcalfe
>> 07790 559 876
>> @harrym
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
